• To: ari@c... (K. Ari Krupnikov)
• Subject: Re: OT: client vs. server-side validation (was: Are the data users happy? Why not?)
• From: "Alaric B. Snell" <alaric@a...>
• Date: Mon, 24 Feb 2003 17:58:52 +0000
• Cc: <xml-dev@l...>
• In-reply-to: <f0f7kbpd1b8.fsf_-_@p...>
• References: <000701c2db85$b7328570$6401a8c0@pcukmka> <E18nGAf-000320-00@c...> <f0f7kbpd1b8.fsf_-_@p...>

On Monday 24 February 2003 17:40, K. Ari Krupnikov wrote:
> "Alaric B. Snell" <alaric@a...> writes:
> > You can sometimes have fun with shopping sites that use third party
> > credit card payment systems by getting to the page that has the form that
> > submits to the third party, saving it to disk, editing the hidden fields
> > for 'amount' to a smaller number but leaving the order number intact,
> > then submitting it.
>
> I keep hearing it... Have you actually seen this exploited? Don't
> implicate yourself, if you had a *friend* who did, that should be
> enough to satisfy my curiosity.

Not a friend, but a friend of a friend! This was a couple of years ago. Hrm, 
I think it may have been mentioned in NTK?

http://www.ntk.net/

But I've not had any luck getting search terms that pick it up...

>
> Ari.
>

ABS

-- 
A city is like a large, complex, rabbit
 - ARP

• References:
  • RE: Re: Are the data users happy? Why not?
    • From: "Michael Kay" <michael.h.kay@n...>
  • Re: Re: Are the data users happy? Why not?
    • From: "Alaric B. Snell" <alaric@a...>
  • OT: client vs. server-side validation (was: Are the data users happy? Why not?)
    • From: ari@c... (K. Ari Krupnikov)

• Prev by Date: re: OT: client vs. server-side validation (was: Are the data users happy? Why not?)
• Next by Date: DOM support in IE vs. NS
• Previous by thread: re: OT: client vs. server-side validation (was: Are the data users happy? Why not?)
• Next by thread: Re: Re: Are the data users happy? Why not?
• Index(es):
  • Date
  • Thread